Network Monitoring

In most multiaccess networks, it is trivially easy for a host to set its network interface into "promiscuous mode", and copy all data frames which pass across the network.

This is called eavesdropping or (in some circles) packet snarfing. Once the host has copies of all the frames it desires, it can then analyse them to discover the data they contain.

Most data transfers across the Internet are not encoded (or encrypted) in any way: the data is simply sent as plain text. Thus it is simple to observe messages transmitted by others. This is the origin of the (oft repeated, and generally true) assertion that "The Internet is insecure".

An area where this insecurity can present a serious problem is password authentication. At Bendigo, students can use the TELNET protocol to connect to the various Unix systems. The password which is typed by the student is transmitted across the LAN as plain text, and can be observed by any other student using freely available PC software. You need to always be aware of this!

Encryption

Encryption - changing message contents to be unintelligible, requires decryption at receiver

Encryption security based on:

Single key encryption

The key is the fundamental factor in the success of this system:

Single Key Systems - Vernam Cipher


Data Encryption Standard (DES)

Three inputs / one output:

Several modes of operation. Very complex, but now universally used in commerce.

Clipper

Difficulties:

Public Key Systems


Encryption Management

Location of Encryption Devices

Key distribution

Traffic Padding

Encryption Applications

Message Authentication Code

Digital Signatures

This lecture is also available in PostScript format. The tutorial for this lecture is Tutorial #18.
Phil Scott